The Meltdown and Spectre controversy still seems pretty potent among tech circles, but Apple has now released patches for older versions of its macOS operating system to make sure many of its Apple users are covered and secure.
After rolling out kernel fixes for macOS High Sierra very recently, the Cupertino tech company has now followed it up with security updates that address critical vulnerabilities in macOS Sierra and even OS X El Capitan.
Apple Outs Security Fixes For Sierra, El Capitan
Apple's Security Update 2018-001 for Sierra and El Capitan come with a handful of kernel security improvements, which work to nullify threats brought about by the aforementioned chip flaws. One patch found in the support document fixes a vulnerability that allows an attacker to have unauthorized access to information on computers with microprocessors utilizing speculative execution. The other patches address risks in regard to read restricted memory, memory corruption, and kernel privileges.
To cut it short, the update just means that more Mac users will be safe from a vulnerability that affects hundreds of millions of Intel chips made over the past two decades. Patches, for the uninitiated, are small updates that can improve a software or an entire operating system.
Meltdown And Spectre Flaws
The updates for Sierra and El Capitan arrive more than two weeks after Apple released security fixes for High Sierra. That was shortly after reporters made a groundbreaking revelation that security researchers had discovered the Meltdown chip design flaw, plus a similar flaw called Spectre — which affect AMD chips and ARM ones.
It's not clear why patches for Sierra and El Capitan arrived later than the one for High Sierra, but it's still good to know that they're finally being rolled out.
The entire industry has been aghast since the vulnerabilities were first reported, and various companies have all been racing to release security patches to protect their consumers from the flaws. Intel recently called on manufacturers and users to halt some patches after several reports of unexpected reboots occurring for some.
Both Meltdown and Spectre exploit speculative execution, a performance feature that's integrated into nearly all modern microprocessors. These chips — either from Intel, AMD, or Apple — attempt to predict instruction streams for faster process execution. If one of the predicted paths isn't actually needed, the stream is canceled and the memory cache is thrown away. All this happens without the program even knowing. What's behind the Meltdown and Spectre flaws has something to do with being able to access certain areas of a memory cache, which opens the door to critical information, such as passwords.